
published 16 days ago

Critical mySCADA myPRO flaws could let attackers take over industrial control systems

- Cybersecurity researchers have revealed two serious flaws in mySCADA myPRO, a SCADA system used in operational technology environments, which could let hackers take control of affected systems.
- mySCADA Technologies is a technical leader in the SCADA field, headquartered in Prague, in the Czech Republic.
- PRODAFT, a Swiss security company, warned that these vulnerabilities could lead to unauthorized access to industrial control networks, causing major disruptions and financial damage.
- The two issues are rated 9.3 on the CVSS v4 scoring system and are detailed as follows:
  * CVE-2025-20014: A command injection vulnerability that allows attackers to execute commands through specially crafted POST requests containing a version parameter.
  * CVE-2025-20061: A similar vulnerability that allows command execution using POST requests with an email parameter.
- Both problems arise from inadequate user input sanitization. To address these issues, updates have been released for mySCADA PRO Manager and mySCADA PRO Runtime. Recommendations include applying the latest patches, isolating SCADA systems, using strong authentication, and monitoring for suspicious activities.